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DETAILED ACTION 

Claims 1-12 and 14-19 are currently presented and have been 
examined . 

Response to Arguments 

Applicant's arguments filed 7 June 2006 have been fully 
considered but they are not persuasive. 

The Applicant argues that Freund does not disclose 
receiving a request for content from a client computer, where 
said request includes a port number assigned to an application 
program running on said client computer. 

Freund expressly discloses: 

"The flow diagram illustrated in FIG. 9 shows a method 900 
of operation for the router-side security module of the present 
invention when the router receives a request for connection to 
the Internet from a local computer . In step 910, a connection 
attempt from one of the local computers to the Internet is 
received by the router." (paragraph 0147) 

"In step 950 the routing component determines whether or 
not the destination port is HTTP (port 80 TCP) ." (paragraph 
0148) 

"For purposes of discussion, the following description will 
present examples in which it will be assumed that there exists a 
"server" (e.g., Web server) that communicates with one or more 
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"clients" (e.g., personal computers running Web browsers such as 
Netscape Navigator or Microsoft Internet Explorer) . " (paragraph 
0065) 

Therefore, Freund clearly discloses these limitations. 

The Applicant argues that the "sandbox server" as described 
in Freund is not a content filtering server as described in the 
claim. However, the claim does not specifically recite and 
therefore require any functional feature other than the claimed 
"configured to listen for requests on said new port number" and 
indicating "whether said content is restricted based on said 
request and said new port number". Limitations from the 
specification are not read into the claim. See In re Van Geuns, 
988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). 

As shown in Freund, the "sandbox server" listens for 
requests on the new port number (paragraph 0149, specifically 
"Also in step 951, if the entry in the router compliance table 
is less than 256, then the destination port is set to the value 
of the table entry plus 8080. For example if the table entry is 
1, the destination port is set to port 8081 (which represents 
8080 plus 1) . This also conveys information to the sandbox 
server in the HTTP header permitting the sandbox server to 
categorize the reason for non-compliance.") (see also paragraph 
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0115, specifically "The sandbox server listens for 
communications on a number of ports."). 
Freund also discloses: 

"If a computer has not properly responded or if a computer 
has not answered the router challenge, then the computer is not 
allowed to connect to the Internet as requested. Instead, the 
non-compliant computer is redirected and permitted only a 
limited Internet connection to the sandbox server. In this 
situation, the security module only allows the non-compliant 
computer to access the sandbox server to perform a defined set 
of tasks to address the non-compliance. All other Internet 
access by the non-compliant computer is disabled ." (paragraph 
0148) 

"The sandbox server listens for communications on a number 
of ports. When the sandbox server receives a packet on a 
particular port, the port that is used for communication signals 
a particular compliance problem for the client computer that is 
redirected. The port acts to categorize the reason for the 
redirection of the client computer in this fashion. Based on the 
port which the packet is received, the sandbox server displays 
an appropriate error page corresponding to the compliance 
problem that is detected ." (paragraph 0115) 
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Therefore, Freund specifically discloses that the sandbox 
server is configured to listen for requests on said new port 
number and indicates whether said content is restricted based on 
said request and said new port number by limiting access by the 
client to the Internet by providing an error message that 
indicates why content is restricted. Since the claim does not 
specifically recite what type of content is restricted or what 
specifically what the indication by the content filtering server 
is used or exactly what is being indicated besides the nominally 
recited indication of content restriction, limiting access by a 
client to the Internet as disclosed in Freund is interpreted by 
the Examiner to be restricting content and the sandbox server 
provides an indication by providing an error page. Therefore, in 
view of the claim's broadest reasonable interpretation, Freund 
does disclose these limitations. 

Therefore, Freund does disclose the limitations of the 
claim and the claims are not in condition for allowance. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs 
of 35 U.S.C. 102 that form the basis for the rejections under 
this section made in this Office action: 

A person shall be entitled to a patent unless - 

<e) the invention was described in (1) an application for patent, published 
under section 122(b), by another filed in the United States before the 
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invention by the applicant for patent or (2) a patent granted on an 
application for patent by another filed in the United States before the 
invention by the applicant for patent, except that an international 
application filed under the treaty defined in section 351(a) shall have the 
effects for purposes of this subsection of an application filed in the 
United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English 
language . 

Claims 1-6, 11-12, 14-15, and 17-19 are rejected under 35 
U.S.C. 102(e) as being anticipated by US Patent Application 
Publication 2003/0055962 to Freund et al . 

Regarding claim 1, Freund discloses a method for content 
filtering, comprising : 

receiving a request for content from a client computer, 
where said request includes a port number assigned to an 
application program running on said client computer; (paragraph 
0147, specifically step 910) 

determining that said port number is a predetermined port 
number associated with the request for content; (paragraph 0147, 
specifically step 950) 

renumbering said request with a new port number; (paragraph 
0149, specifically "...the destination port is set...") 

transmitting said request with said new port number to a 
content filtering server ("sandbox server") that is configured 
to listen for requests on said new port number; (paragraph 0149, 
specifically "...reroute this packet to the sandbox server...") 



Application/Control Number: 10/040,77-0 Page 7 

Art Unit: 2143 

obtaining from said content filtering server an indication 
of whether said content is restricted based on said request and 
said new port number, (paragraph 0149, specifically the sentence 
"Using this information,..") 

Claim 18 is rejected since claim 18 recites a computer 
program product that contains substantially the same limitations 
as recited in claim 1. 

Regarding claim 2, Freund discloses the method for content 
filtering of claim 1, wherein said renumbering comprises: 

determining a user of said client computer's filtering 
privilege and changing said request with said new port number 
based on said filtering privilege, (paragraph 0149) 

Regarding claim 3, Freund discloses the method for content 
filtering of claim 1, wherein said obtaining further comprises 
receiving said requested content, thereby indicating that said 
content is not restricted, (paragraph 0149, specifically the 
paragraph "An alternative approach...") 

Regarding claim 4, Freund discloses the method for content 
filtering of claim 3, further comprising transmitting said 
content to said client computer, (paragraph 0149, specifically 
the paragraph "An alternative approach...") 

Regarding claim 5, Freund discloses the method for content 
filtering of claim 1, wherein said obtaining further comprises 
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receiving a notification that said content is blocked, 
(paragraph 0149, specifically the paragraph "Using this 
information. . . ") 

Regarding claim 6, Freund discloses the method for content 
filtering of claim 5, further comprising notifying said client 
computer that said content is blocked, (paragraph 014 9, 
specifically the paragraph "Using this inf ormation . . . ") 

Regarding claim 11, Freund discloses the method for content 
filtering of claim 1, further comprising, after said receiving, 
determining an Internet Protocol (IP) address of said client 
computer, such that said method for content filtering applies 
only to a particular client computer, (paragraph 0147) 

Regarding claim 12, Freund discloses the method for content 
filtering of claim 1, wherein said determining further comprises 
ascertaining that said port number is TCP (Transmission Control 
Protocol) port 80. (paragraph 0148, specifically step 950) 

Regarding claim 14, Freund discloses a content filtering 
gateway ("router") , comprising: 

a Central Processing Unit (CPU) ; communications circuitry; 
and input/output ports; and a memory containing an operating 
system; (paragraph 0074) 

a port sniffer; (paragraph 0147, specifically the sentence 
"In step 910. . .") 
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a database of filtering privileges and associated port 
numbers ("router compliance table"); (paragraph 0149) and 
filtering procedures comprising: 

instructions for receiving a request for content from a 
client computer, where said request includes a port number 
assigned to an application program running on said client 
computer; (paragraph 0147, specifically step 910) 

instructions for determining that said port number is a 
predetermined port number associated with the request for 
content; (paragraph 0147, specifically step 950) 

instructions for renumbering said request with one of said 
associated port numbers from the database of filtering 
privledges to form a new port number; (paragraph 014 9, 
specifically " . . . the destination port is set...") 

instructions for transmitting said request with said one of 
said new port number to a content filtering server that is 
configured to listen for requests on said new port number; 
(paragraph 0149, specifically "...reroute this packet to the 
sandbox server...") 

and instructions for obtaining from said content filtering 
server an indication of whether said content, is restricted based 
on said request and said new port number, (paragraph 014 9, 
specifically the sentence "Using this information...") 
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Regarding claim 15, Freund discloses the content filtering 
gateway of claim 14, wherein said memory further comprises a 
filtering database containing a filtering database of Internet 
Protocol (IP) addresses and their associated filter privileges, 
(paragraph 0147) 

Regarding claim 17, Freund discloses the content filtering 
gateway of claim 14, wherein said memory further comprises 
authentication procedures ("security module' 7 ) . (paragraph 0147) 

Regarding claim 19, Freund discloses a system for content 
filtering, comprising: 

at least one content server that stores content ("Web 
site"); (paragraph 0007) (see also Figure 3, element 350) 

at least one client computer configured to transmit a 
request for said content to said at least one content server, 
where said request contains an address of said content server 
and a port number associated with said request for said content 
("destination IP address" and "destination port") ; (paragraph 
0007 and 0147) 

a gateway coupled to said at least one client computer, 
where said gateway is configured to receive and renumber said 
request with a new port number associated with a filter 
privilege of a user of said at least one client computer; 
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(paragraph 0149, specifically "...the destination port is 
set. . .") 

a content filtering server, configured to block restricted 
content based on said filter privilege, said request and said 
new port number ("sandbox server' 7 ) ; (paragraph 014 9) and 

a switch coupled to said gateway, said content filtering 
server, and said at least one content server, where said switch 
is configured to listen for said request on said new port number 
and to redirect said request to said content filtering server, 
("routing component "; Figure 3, element 313) 

Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which 
forms the basis for all obviousness rejections set forth in this 
Office action: 

(a) A patent may not be obtained though the invention is not identically- 
disclosed or described as set forth in section 102 of this title, if the 
differences between the subject matter sought to be patented and the prior 
art are such that the subject matter as a whole would have been obvious at 
the time the invention was made to a person having ordinary skill in the 
art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

The factual inquiries set forth in Graham v. John Deere 
Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for 
establishing a background for determining obviousness under 3 5 
U.S.C. 103(a) are summarized as follows: 

1 . Determining the scope and contents of the prior art . 
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2. Ascertaining the differences between the prior art and 
the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent 
art . 

4. Considering objective evidence present in the 
application indicating obviousness or nonobviousness . 

This application currently names joint inventors. In 
considering patentability of the claims under 35 U.S.C. 103(a), 
the examiner presumes that the subject matter of the various 
claims was commonly owned at the time any inventions covered 
therein were made absent any evidence to the contrary. 
Applicant is advised of the obligation under 37 CFR 1.56 to 
point out the inventor and invention dates of each claim that 
was not commonly owned at the time a later invention was made in 
order for the examiner to consider the applicability of 35 
U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) prior 
art under 35 U.S.C. 103(a). 

Claims 7-10 and 16 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Freund et al in view of "SonicWall SOHO 
Internet Security Appliance" ("SonicWall") . 

Regarding claim 7, Freund discloses the method for content 
filtering of claim 5. 

Freund does not expressly disclose the method further 
comprising : 
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receiving login details from said client computer; 
authenticating a user of said client computer based on said 
login details; determining said user's filter privileges based 
on said login details; ascertaining an additional port number 
based on said filter privileges; renumbering said request with 
said additional port number; transmitting said request with said 
additional port number to a content filtering server that is 
configured to listen for requests on said additional port 
number; and acquiring from said content filtering server an 
indication of whether said content is restricted based on said 
request and said additional port number, however, Freund does 
disclose determining said user's filter privileges; ascertaining 
an additional port number based on said filter privileges; 
renumbering said request with said additional port number; 
transmitting said request with said additional port number to a 
content filtering server that is configured to listen for 
requests on said additional port number; and acquiring from said 
content filtering server an indication of whether said content 
is restricted based on said request and said additional port 
number as shown above regarding claim 5 . 

"SonicWall" discloses receiving login details from a client 
computer; authenticating a user of the client computer based on 
the login details; and determining a user's filter privileges 
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based on the login details, (pages 99-101, "'User 
Authentication", specifically "Establishing an Authenticated 
Session") 

It would have been obvious to one of ordinary skill in the 
art at the time the invention was made to combine the teachings 
of these references since "SonicWall" discloses that 
authenticating a user and determining a user's filter privileges 
based on login details enables a user to bypass the content 
filter (page 99, "User Authentication", first paragraph) . In 
view of these specific advantages and that the references are 
directed to using an intermediary device in a content filtering 
system that determines filtering privileges, one of ordinary 
skill would have been motivated to combine these references and 
would have considered them to be analogous to one another based 
on their related fields of endeavor, which would lead one of 
ordinary skill to reasonably expect a successful combination of 
the teachings. 

Regarding claim 8, Freund and "SonicWall" disclose the 
method for content filtering of claim 7. 

Freund discloses wherein said acquiring further comprises 
receiving said requested content indicating that said content is 
not restricted, (paragraph 0149, specifically the paragraph "An 
alternative approach...") 
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Regarding claim 9, Freund and "SonicWall" disclose the 
method for content filtering of claim 7. 

Freund discloses wherein said acquiring further comprises 
receiving a notification that said content is blocked, 
(paragraph 0149, specifically the paragraph "Using this 
information. . . ") 

Regarding claim 10, Freund and "SonicWall" disclose the 
method for content filtering of claim 7. 

Freund does not expressly disclose the method further 
comprising associating said login details with an Internet 
Protocol (IP) address of said client computer, such that said 
method for content filtering applies only to a particular client 
computer, however, Freund does disclose determining an Internet 
Protocol (IP) address of said client computer, such that said 
method for content filtering applies only to a particular client 
computer, (paragraph 0147) 

Freund and "SonicWall" do not expressly disclose 
associating said login details with an Internet Protocol (IP) 
address of said client computer, such that said method for 
content filtering applies only to a particular client computer, 
however, Freund does disclose determining an Internet Protocol 
(IP) address of said client computer, such that said method for 
content filtering applies only to a particular client computer. 
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(paragraph 0147) . "SonicWall" also discloses wherein the login 
details are used such that the method for content filtering 
applies only to a particular client computer (pages 99-101, 
"User Authentication", subsection "Establishing an Authenticated 
Session") . 

It would have been obvious to one of ordinary skill in the 
art at the time the invention was made to modify the teachings 
of Freund and "SonicWall" since the references suggest that a 
user uses a client computer that contains an IP address in order 
to send a request and that the IP address of the client computer 
is used to filter content (paragraph 0147 of Freund) (page 96, 
"Source") . In view of these suggestions and teachings shown 
above, one of ordinary skill would have found it obvious to 
modify the references so that the login details of the user 
using the client computer are associated together since, in 
order for the teachings of "SonicWall" to operate, the user must 
login from a client computer. The authorized user is bound to a 
particular client computer at . the time of authentication, 
therefore, one of ordinary skill in the art would recognize 
that, in order for the user to be authenticated, the user must 
be associated with a particular client computer. 

Regarding claim 16, Freund discloses the content filtering 
gateway of claim 14 . 
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Freund does not expressly disclose wherein said memory 
further comprises a user database containing login details for 
multiple users and each user's associated filter privilege, 
however, "SonicWall" does disclose this limitation ("user list"; 
see pages 99-100) 

Claim 16 is rejected since the motivations regarding the 
obviousness of claim 7 also apply to claim 16. 

Conclusion 

THIS ACTION IS MADE FINAL, Applicant is reminded of the 
extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action 
is set to expire THREE MONTHS from the mailing date of this 
action. In the event a first reply is filed within TWO MONTHS 
of the mailing date of this final action and the advisory action 
is not mailed until after the end of the THREE-MONTH shortened 
statutory period, then the shortened statutory period will 
expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated 
from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than 
SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier 
communications from the examiner should be directed to George C. 
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Neurauter, Jr. whose telephone number is (571) 272-3918. The 
examiner can normally be reached on Monday through Friday from 
9AM to 5:30PM Eastern. 

If attempts to reach the examiner by telephone are 
unsuccessful, the examiner's supervisor, David Wiley can be 
reached on (571) 272-3923. The fax phone number for the 
organization where this application or proceeding is assigned is 
571-273-8300. 

Information regarding the status of an application may be 
obtained from the Patent Application Information Retrieval 
(PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, 
see http://pair-direct.uspto.gov. Should you have questions on 
access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free) . If you would 
like assistance from a USPTO Customer Service Representative or 
access to the automated information system, call 800-786-9199 
(IN USA OR CANADA) or 571-272-1000. 



